Every CVE whose affected-product data names Pyjwt Project Pyjwt, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2017-11424 — CVSS 7.5 (high): In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys…
CVE-2026-32597 — CVSS 7.5 (high): PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined…
CVE-2026-48526 — CVSS 7.4 (high): PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both…
CVE-2022-29217 — CVSS 7.4 (high): PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting…
CVE-2025-45768 — CVSS 7.0 (high): pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the…
CVE-2026-48523 — CVSS 5.4 (medium): PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when…
CVE-2026-48525 — CVSS 5.3 (medium): PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload…
CVE-2026-48522 — CVSS 4.2 (medium): PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen(…
CVE-2026-48524 — CVSS 3.7 (low): PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to the JWKS…
CVE-2024-53861 — CVSS 2.2 (low): pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for `iss` checking, resulting in `"acb"` being…